TP-Link Archer BE230 Command Injection Vulnerability in Cloud Communication Interface
Vulnerability
A command injection vulnerability has been identified in the TP-Link Archer BE230 router, specifically in version 1.2 prior to 1.2.4 Build 20251218 rel.70420. This vulnerability resides in the cloud communication interface and can be exploited after the admin's authentication. Successful exploitation may grant an attacker full administrative control over the device, severely compromising the integrity of its configuration, network security, and availability of services.
Impact
Exploitation of this vulnerability could lead to full administrative access on the device, allowing for unauthorized changes to the device's configuration, disruption of network services, and potential manipulation of connected devices or users.
Remediation
Users are advised to update to the latest firmware version. The updated firmware can be downloaded from the TP-Link official website for the respective region.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.